From 88c0ee1b48cba41f14e484efc1167a25c96c8013 Mon Sep 17 00:00:00 2001
From: Cian Johnston
Date: Mon, 23 Sep 2024 09:58:08 +0100
Subject: [PATCH 1/5] chore: add test for copy perms
---
.../provider/cached_image_resource_test.go | 35 +++++++++++++++++++
1 file changed, 35 insertions(+)
diff --git a/internal/provider/cached_image_resource_test.go b/internal/provider/cached_image_resource_test.go
index 6b6c832..2295f63 100644
--- a/internal/provider/cached_image_resource_test.go
+++ b/internal/provider/cached_image_resource_test.go
@@ -161,6 +161,41 @@ RUN date > /date.txt`,
 )
 },
 },
+ {
+ // This tests correct handling of the difference in permissions between
+ // the provider and the image when running a COPY instruction.
+ name: "copy_perms",
+ files: map[string]string{
+ "Dockerfile": `
+ FROM localhost:5000/test-ubuntu:latest
+ COPY date.txt /date.txt`,
+ "date.txt": fmt.Sprintf("%d", time.Now().Unix()),
+ },
+ extraEnv: map[string]string{
+ "CODER_AGENT_TOKEN": "some-token",
+ "CODER_AGENT_URL": "https://coder.example.com",
+ "FOO": testEnvValue,
+ "ENVBUILDER_GIT_URL": "https://not.the.real.git/url",
+ "ENVBUILDER_CACHE_REPO": "not-the-real-cache-repo",
+ "ENVBUILDER_DOCKERFILE_PATH": "Dockerfile",
+ },
+ assertEnv: func(t *testing.T, deps testDependencies) resource.TestCheckFunc {
+ return resource.ComposeAggregateTestCheckFunc(
+ assertEnv(t,
+ "CODER_AGENT_TOKEN", "some-token",
+ "CODER_AGENT_URL", "https://coder.example.com",
+ "ENVBUILDER_CACHE_REPO", deps.CacheRepo,
+ "ENVBUILDER_DOCKERFILE_PATH", "Dockerfile",
+ "ENVBUILDER_DOCKER_CONFIG_BASE64", deps.DockerConfigBase64,
+ "ENVBUILDER_GIT_SSH_PRIVATE_KEY_PATH", deps.Repo.Key,
+ "ENVBUILDER_GIT_URL", deps.Repo.URL,
+ "ENVBUILDER_REMOTE_REPO_BUILD_MODE", "true",
+ "ENVBUILDER_VERBOSE", "true",
+ "FOO", "bar\nbaz",
+ ),
+ )
+ },
+ },
 } {
 t.Run(tc.name, func(t *testing.T) {
 //nolint: paralleltest
From 9cb998045e7bc8599cba465e5a29537eb0fe655c Mon Sep 17 00:00:00 2001
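Review bot: Nothing in the new `copy_perms` case asserts a file mode or owner: the `assertEnv` callback only compares environment variables, so the permission handling named in the comment is covered only if the harness fails the case when the cached image is not found, which is outside this hunk. Say so in the case comment, e.g. `// Passes when the cached image is found; mode and owner of /date.txt are not checked.` (wording to be confirmed against the harness). An explicit check on the copied file would be worth adding later, since a wrong mode or owner baked into a cached layer decides who can read or modify that file in the resulting workspace. The `copy_perms` and `copy_perms_multistage` cases in PATCH 3/5 and PATCH 4/5 have the same gap. The table literal and the `t.Run` loop body start and end outside the hunk.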
From: Cian Johnston Date: Tue, 24 Sep 2024 18:06:12 +0100 Subject: [PATCH 2/5] update kaniko and envbuilder to include fix --- go.mod | 4 ++-- go.sum | 8 ++++---- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/go.mod b/go.mod index 24c3ee5..e287f38 100644 --- a/go.mod +++ b/go.mod @@ -3,14 +3,14 @@ module github.com/coder/terraform-provider-envbuilder go 1.22.4 // We use our own Kaniko fork. -replace github.com/GoogleContainerTools/kaniko => github.com/coder/kaniko v0.0.0-20240830141327-f307586e3dca +replace github.com/GoogleContainerTools/kaniko => github.com/coder/kaniko v0.0.0-20240924160037-1e6bd4e19fc6 // Required to import codersdk due to gvisor dependency. replace tailscale.com => github.com/coder/tailscale v1.1.1-0.20240702054557-aa558fbe5374 require ( github.com/GoogleContainerTools/kaniko v1.9.2 - github.com/coder/envbuilder v1.0.0-rc.0.0.20240910082823-b7781d802f88 + github.com/coder/envbuilder v1.0.0-rc.0.0.20240924170424-29636303d05f github.com/coder/serpent v0.8.0 github.com/docker/docker v26.1.5+incompatible github.com/gliderlabs/ssh v0.3.7 diff --git a/go.sum b/go.sum index a58cf0c..6f75426 100644 --- a/go.sum +++ b/go.sum 
@@ -186,10 +186,10 @@ github.com/cockroachdb/errors v1.2.4/go.mod h1:rQD95gz6FARkaKkQXUksEje/d9a6wBJoC github.com/cockroachdb/logtags v0.0.0-20190617123548-eb05cc24525f/go.mod h1:i/u985jwjWRlyHXQbwatDASoW0RMlZ/3i9yJHE2xLkI= github.com/coder/coder/v2 v2.10.1-0.20240704130443-c2d44d16a352 h1:L/EjCuZxs5tOcqqCaASj/nu65TRYEFcTt8qRQfHZXX0= github.com/coder/coder/v2 v2.10.1-0.20240704130443-c2d44d16a352/go.mod h1:P1KoQSgnKEAG6Mnd3YlGzAophty+yKA9VV48LpfNRvo= -github.com/coder/envbuilder v1.0.0-rc.0.0.20240910082823-b7781d802f88 h1:eXOILD2tWepnV1r7XZalBX0yC4NJMnpf6OP1nF8O2Ak= -github.com/coder/envbuilder v1.0.0-rc.0.0.20240910082823-b7781d802f88/go.mod h1:krXpDmUsORgNNdvBe6tnwWCGGDLhabom1UUqAZq9+v0= -github.com/coder/kaniko v0.0.0-20240830141327-f307586e3dca h1:PrcSWrllqipTrtet50a3VyAJEQmjziIZyhpy0bsC6o0= -github.com/coder/kaniko v0.0.0-20240830141327-f307586e3dca/go.mod h1:XoTDIhNF0Ll4tLmRYdOn31udU9w5zFrY2PME/crSRCA= +github.com/coder/envbuilder v1.0.0-rc.0.0.20240924170424-29636303d05f h1:1KdB2Jbo+zLuG+R08/By1BIeHBcKXiOqv95wZ5+Ewks= +github.com/coder/envbuilder v1.0.0-rc.0.0.20240924170424-29636303d05f/go.mod h1:ju1iDjfVSUQS3tlaIItlRo8UwYbGN5KvOdnbOzlD/6I= +github.com/coder/kaniko v0.0.0-20240924160037-1e6bd4e19fc6 h1:vLlV6P0abwoOeaBwkqQxB31ZzMv483UQLhQuPvXbvRM= +github.com/coder/kaniko v0.0.0-20240924160037-1e6bd4e19fc6/go.mod h1:XoTDIhNF0Ll4tLmRYdOn31udU9w5zFrY2PME/crSRCA= github.com/coder/pretty v0.0.0-20230908205945-e89ba86370e0 h1:3A0ES21Ke+FxEM8CXx9n47SZOKOpgSE1bbJzlE4qPVs= github.com/coder/pretty v0.0.0-20230908205945-e89ba86370e0/go.mod h1:5UuS2Ts+nTToAMeOjNlnHFkPahrtDkmpydBen/3wgZc= github.com/coder/quartz v0.1.0 h1:cLL+0g5l7xTf6ordRnUMMiZtRE8Sq5LxpghS63vEXrQ= From e5c8a8375b03ca90fab0574420a3586113b677b1 Mon Sep 17 00:00:00 2001 
From: Cian Johnston
Date: Wed, 25 Sep 2024 10:16:08 +0100
Subject: [PATCH 3/5] add multi-stage version of copy perms test
---
.../provider/cached_image_resource_test.go | 41 ++++++++++++++++++-
1 file changed, 40 insertions(+), 1 deletion(-)
diff --git a/internal/provider/cached_image_resource_test.go b/internal/provider/cached_image_resource_test.go
index 2295f63..2bd63c6 100644
--- a/internal/provider/cached_image_resource_test.go
+++ b/internal/provider/cached_image_resource_test.go
@@ -168,7 +168,46 @@ RUN date > /date.txt`,
 files: map[string]string{
 "Dockerfile": `
 FROM localhost:5000/test-ubuntu:latest
- COPY date.txt /date.txt`,
+ COPY date.txt /date.txt
+ RUN chown 1000:1000 /date.txt`,
+ "date.txt": fmt.Sprintf("%d", time.Now().Unix()),
+ },
+ extraEnv: map[string]string{
+ "CODER_AGENT_TOKEN": "some-token",
+ "CODER_AGENT_URL": "https://coder.example.com",
+ "FOO": testEnvValue,
+ "ENVBUILDER_GIT_URL": "https://not.the.real.git/url",
+ "ENVBUILDER_CACHE_REPO": "not-the-real-cache-repo",
+ "ENVBUILDER_DOCKERFILE_PATH": "Dockerfile",
+ },
+ assertEnv: func(t *testing.T, deps testDependencies) resource.TestCheckFunc {
+ return resource.ComposeAggregateTestCheckFunc(
+ assertEnv(t,
+ "CODER_AGENT_TOKEN", "some-token",
+ "CODER_AGENT_URL", "https://coder.example.com",
+ "ENVBUILDER_CACHE_REPO", deps.CacheRepo,
+ "ENVBUILDER_DOCKERFILE_PATH", "Dockerfile",
+ "ENVBUILDER_DOCKER_CONFIG_BASE64", deps.DockerConfigBase64,
+ "ENVBUILDER_GIT_SSH_PRIVATE_KEY_PATH", deps.Repo.Key,
+ "ENVBUILDER_GIT_URL", deps.Repo.URL,
+ "ENVBUILDER_REMOTE_REPO_BUILD_MODE", "true",
+ "ENVBUILDER_VERBOSE", "true",
+ "FOO", "bar\nbaz",
+ ),
+ )
+ },
+ },
+ {
+ // Same as above, except for multi-stage build.
+ name: "copy_perms_multistage",
+ files: map[string]string{
+ "Dockerfile": `
+ FROM localhost:5000/test-ubuntu:latest AS a
+ COPY date.txt /date.txt
+ RUN chown 1000:1000 /date.txt
+ FROM localhost:5000/test-ubuntu:latest
+ COPY --from=a /date.txt /date.txt
+ RUN chown 1001:1001 /date.txt`,
 "date.txt": fmt.Sprintf("%d", time.Now().Unix()),
 },
 extraEnv: map[string]string{
From a18082cdec5122c4f640d11ca208a112d0747901 Mon Sep 17 00:00:00 2001
From: Cian Johnston
Date: Wed, 25 Sep 2024 10:24:57 +0100
Subject: [PATCH 4/5] remove unnecessary chowns, collapse to single test
---
.../provider/cached_image_resource_test.go | 40 +------------------
1 file changed, 2 insertions(+), 38 deletions(-)
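Review bot: The new `copy_perms_multistage` case repeats the `extraEnv` map and the whole `assertEnv` callback of `copy_perms` verbatim, so about 25 lines now exist twice and the only real difference between the two cases is the Dockerfile. If both cases are kept, hoist the shared parts into locals declared before the table, for example `copyPermsEnv := map[string]string{...}` and a `copyPermsAssert` func value, and reference them from both entries; that is only safe if the harness does not mutate `extraEnv`, which this hunk does not show. The table literal begins outside the hunk, so where those locals can be declared is not visible here.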
diff --git a/internal/provider/cached_image_resource_test.go b/internal/provider/cached_image_resource_test.go
index 2bd63c6..86dd581 100644
--- a/internal/provider/cached_image_resource_test.go
+++ b/internal/provider/cached_image_resource_test.go
@@ -164,50 +164,14 @@ RUN date > /date.txt`,
 {
 // This tests correct handling of the difference in permissions between
 // the provider and the image when running a COPY instruction.
+ // Added to verify fix for coder/terraform-provider-envbuilder#43
 name: "copy_perms",
 files: map[string]string{
 "Dockerfile": `
- FROM localhost:5000/test-ubuntu:latest
- COPY date.txt /date.txt
- RUN chown 1000:1000 /date.txt`,
- "date.txt": fmt.Sprintf("%d", time.Now().Unix()),
- },
- extraEnv: map[string]string{
- "CODER_AGENT_TOKEN": "some-token",
- "CODER_AGENT_URL": "https://coder.example.com",
- "FOO": testEnvValue,
- "ENVBUILDER_GIT_URL": "https://not.the.real.git/url",
- "ENVBUILDER_CACHE_REPO": "not-the-real-cache-repo",
- "ENVBUILDER_DOCKERFILE_PATH": "Dockerfile",
- },
- assertEnv: func(t *testing.T, deps testDependencies) resource.TestCheckFunc {
- return resource.ComposeAggregateTestCheckFunc(
- assertEnv(t,
- "CODER_AGENT_TOKEN", "some-token",
- "CODER_AGENT_URL", "https://coder.example.com",
- "ENVBUILDER_CACHE_REPO", deps.CacheRepo,
- "ENVBUILDER_DOCKERFILE_PATH", "Dockerfile",
- "ENVBUILDER_DOCKER_CONFIG_BASE64", deps.DockerConfigBase64,
- "ENVBUILDER_GIT_SSH_PRIVATE_KEY_PATH", deps.Repo.Key,
- "ENVBUILDER_GIT_URL", deps.Repo.URL,
- "ENVBUILDER_REMOTE_REPO_BUILD_MODE", "true",
- "ENVBUILDER_VERBOSE", "true",
- "FOO", "bar\nbaz",
- ),
- )
- },
- },
- {
- // Same as above, except for multi-stage build.
- name: "copy_perms_multistage",
- files: map[string]string{
- "Dockerfile": `
 FROM localhost:5000/test-ubuntu:latest AS a
 COPY date.txt /date.txt
- RUN chown 1000:1000 /date.txt
 FROM localhost:5000/test-ubuntu:latest
- COPY --from=a /date.txt /date.txt
- RUN chown 1001:1001 /date.txt`,
+ COPY --from=a /date.txt /date.txt`,
 "date.txt": fmt.Sprintf("%d", time.Now().Unix()),
 },
 extraEnv: map[string]string{
From 58078d91a99f084f53860f77e25c0fcd319b0d53 Mon Sep 17 00:00:00 2001
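Review bot: The case that remains after this hunk is still named `copy_perms` and its comment still speaks of "a COPY instruction", but the Dockerfile is now a two-stage build and nothing says whether that form is deliberate. If it is, add a line such as `// Multi-stage on purpose: stage a copies from the build context, the final stage uses COPY --from=a.` so a later cleanup does not reduce it to one stage. The new `// Added to verify fix for coder/terraform-provider-envbuilder#43` line could also say in a few words what failed before the fix, since an issue number alone does not describe the regression being guarded. The case's `extraEnv` and `assertEnv` fields continue past the end of the hunk.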
From: Cian Johnston Date: Wed, 25 Sep 2024 13:43:31 +0100 Subject: [PATCH 5/5] update envbuilder and kaniko --- go.mod | 4 ++-- go.sum | 4 ++++ 2 files changed, 6 insertions(+), 2 deletions(-) diff --git a/go.mod b/go.mod index e287f38..e6bc076 100644 --- a/go.mod +++ b/go.mod @@ -3,14 +3,14 @@ module github.com/coder/terraform-provider-envbuilder go 1.22.4 // We use our own Kaniko fork. -replace github.com/GoogleContainerTools/kaniko => github.com/coder/kaniko v0.0.0-20240924160037-1e6bd4e19fc6 +replace github.com/GoogleContainerTools/kaniko => github.com/coder/kaniko v0.0.0-20240925122543-caa18967f374 // Required to import codersdk due to gvisor dependency. replace tailscale.com => github.com/coder/tailscale v1.1.1-0.20240702054557-aa558fbe5374 require ( github.com/GoogleContainerTools/kaniko v1.9.2 - github.com/coder/envbuilder v1.0.0-rc.0.0.20240924170424-29636303d05f + github.com/coder/envbuilder v1.0.0-rc.0.0.20240925123650-9c315aabfaef github.com/coder/serpent v0.8.0 github.com/docker/docker v26.1.5+incompatible github.com/gliderlabs/ssh v0.3.7 diff --git a/go.sum b/go.sum index 6f75426..32f07ed 100644 --- a/go.sum +++ b/go.sum 
@@ -188,8 +188,12 @@ github.com/coder/coder/v2 v2.10.1-0.20240704130443-c2d44d16a352 h1:L/EjCuZxs5tOc github.com/coder/coder/v2 v2.10.1-0.20240704130443-c2d44d16a352/go.mod h1:P1KoQSgnKEAG6Mnd3YlGzAophty+yKA9VV48LpfNRvo= github.com/coder/envbuilder v1.0.0-rc.0.0.20240924170424-29636303d05f h1:1KdB2Jbo+zLuG+R08/By1BIeHBcKXiOqv95wZ5+Ewks= github.com/coder/envbuilder v1.0.0-rc.0.0.20240924170424-29636303d05f/go.mod h1:ju1iDjfVSUQS3tlaIItlRo8UwYbGN5KvOdnbOzlD/6I= +github.com/coder/envbuilder v1.0.0-rc.0.0.20240925123650-9c315aabfaef h1:l9mQMoHNl7P2tiahwM2zkUCdWsjSoLsUDn30Ndgsx0Y= +github.com/coder/envbuilder v1.0.0-rc.0.0.20240925123650-9c315aabfaef/go.mod h1:1Qn60Fx3oGZlwmRfTNkrGxrQJsEZ7XIUUPgzil2lte8= github.com/coder/kaniko v0.0.0-20240924160037-1e6bd4e19fc6 h1:vLlV6P0abwoOeaBwkqQxB31ZzMv483UQLhQuPvXbvRM= github.com/coder/kaniko v0.0.0-20240924160037-1e6bd4e19fc6/go.mod h1:XoTDIhNF0Ll4tLmRYdOn31udU9w5zFrY2PME/crSRCA= +github.com/coder/kaniko v0.0.0-20240925122543-caa18967f374 h1:/cyXf0vTSwFh7evQqeWHXXl14aRfC4CsNIYxOenJytQ= +github.com/coder/kaniko v0.0.0-20240925122543-caa18967f374/go.mod h1:XoTDIhNF0Ll4tLmRYdOn31udU9w5zFrY2PME/crSRCA= github.com/coder/pretty v0.0.0-20230908205945-e89ba86370e0 h1:3A0ES21Ke+FxEM8CXx9n47SZOKOpgSE1bbJzlE4qPVs= github.com/coder/pretty v0.0.0-20230908205945-e89ba86370e0/go.mod h1:5UuS2Ts+nTToAMeOjNlnHFkPahrtDkmpydBen/3wgZc= github.com/coder/quartz v0.1.0 h1:cLL+0g5l7xTf6ordRnUMMiZtRE8Sq5LxpghS63vEXrQ=